The Perfect Cut-Out: When Global Politics, Espionage and Greed Converge with Technology

Fluid, agile and accessible – the malicious
use of technology can range from simple, uncoordinated attacks to complex,
highly coordinated persistence. Figuring as tool in the commission of a crime
or as a delivery system to exploit many vectors, ‘technology for bad’ is not
new, but what we have seen recently is – and it’s troubling.

When mixed with global politics,
less-than-benevolent corporate tactics and espionage, technology can be a
powerful means to create a few degrees of separation, as in a trusted
intermediary, method or channel to facilitate interactions and communications.
In fact, it can be the perfect cut-out.

Recently, two incidents showed that
technology could be used surreptitiously to move political and corporate
agendas, but at opposite ends of the spectrum: the assassination of Jamal
Khashoggi with the use of the Pegasus tracking spyware, and the alleged spying
by Huawei via its own technology.

Each has an element of politics at the
highest level, where controlling social and economic influences benefit the
agenda of a nation and its allies – but one ends in murder and the outcry for
human rights, and the other, we’re not sure yet. It could have been the crime
of the century.

Khashoggi:
One Man Against the Saudi Regime

A little background on Khashoggi. More than
a journalist, Khashoggi had been a thorn in the side of Saudi crown prince,
Mohammad bin Salman – MBS for short. Quite nearly an existential threat to the
Saudi regime, Khashoggi, who was also a Saudi dissident, had faced years of
persecution for his work.

Khashoggi’s rise, or evolution, from Saudi
establishment asset to a moderate-cum-left-leaning Islamic militant is complex.
Suffice it to say, his dichotomic career and personal and ideological views
formulated two tempests in the Saudi camp: the Islamic rhetoric was challenged
and intellectually scrutinized by one of their own, and a stronghold of
ideologically and politically-vested MBS supporters were girding their loins.
Tactically, not a great position to occupy.

An enemy of the state, Khashoggi rejected
the idea of creating an Islamic state and turned against the Saudi religious
establishment while peppering them with criticisms. With indications that
Khashoggi was planning use his contacts to tactically undermine MBS’ agenda –
strongly supported by the Trump administration – social media
“trolling” had ramped up, and Saudi authorities had banned him from
media engagements after his criticism of Trump’s ascension to the U.S.
presidency. The allegiance between MBS and Trump was clear, and Khashoggi dared
to tread on it.

In October 2018, following Khashoggi’s
murder inside the Saudi Arabian consulate in Istanbul, Trump denounced the act
(sort of) and then appeared to waffle and go soft on Saudi Arabia, calling them
a “great ally” and underscoring the U.S.’ commitment to remaining a
steadfast partner. Maybe saying what Trump could not, Donald Trump Jr. took to
Twitter calling Khashoggi “a democrat reformer journalist holding a RPG
with jihadists.”

On the other side, Khashoggi was soberly
eulogized by The Washington Post – where Khashoggi was a columnist – as
“once sympathetic to Islamist movements,” and CNN described him as a
journalist “who evolved from an Islamist in his twenties to a more liberal
position by the time he was in his forties.” As the headlines spun, it
became very clear: this was more than retaliation for bruised egos or
ideological turn-coating. This was deeply political;

Khashoggi was the nexus of knowledge on MBS’
ground game and inside intelligence on the Saudi regime.

Technology
as a Subversive Tool

With the backdrop of a political manoeuvre, technology played a small but devastating role in Khashoggi’s murder. The unsophisticated “trolling” on social media was relatively benign; nothing more than shots across the bow, it was means to deter and split Khashoggi’s support base. But the infiltration of Khashoggi’s phone texts and messages and tracking his whereabouts using Pegasus spyware turned this into a predatory game of monitoring, luring and ensnaring.

Relying on unpatched zero-day vulnerabilities, Pegasus enables the one-click jailbreak of a cell phone, allowing access to its microphone, camera, keyboard, messaging and data to permit keylogging, screenshot and live audio capture, remote control of the malware via SMS, and messaging data exfiltration from WhatsApp, Skype, Facebook, Twitter, etc. If attempts to disable are detected, it self-destructs.

In fact, Pegasus is so powerful and
damaging that the Israeli company who developed it, the NSO Group, has been
publicly criticized by Edward Snowden. Snowden has charged that Pegasus has
only one purpose: a malicious “burglary tool used to violate the human
rights of dissidents, opposition figures and activists.”

Mobile devices are renowned for
vulnerabilities, and now there are two teams seeking them out: one is to ‘find
and fix’ and the other is to ‘find and exploit until fixed’ (if ever).
Continuous reverse-engineering of iOS and Android operating systems to look for
vulnerabilities to exploit is the backbone of Pegasus’ success. Citizen Lab
researchers have tracked the use of Pegasus to 45 countries where operators
“may be conducting surveillance operations” and at least 10 operators
who “appear to be actively engaged in cross-border surveillance.”

At some point, Khashoggi seemed to suspect
that his messages to Montreal-based activist Omar Abdulaziz had been
intercepted. They had been discussing plans to fight Riyadh’s communications
crackdown, create secure social-media accounts for ordinary Saudis, and likely
much more. One message after this simply read, “God help us.”
Khashoggi knew those spying on his phone would know who he was communicating
with and what they were discussing – even their GPS coordinates. Considering
Khashoggi’s well-publicized opinion of the Saudi regime, this bodes badly.

In a political climate that encourages
cross-plays as tactics – seen in the Iran-Contra affair (interestingly, Adnan
Khashoggi is Jamal Khashoggi’s uncle) – Russia’s presence in Syria and the U.S.’
re-imposed sanctions on Iran, the NSO Group’s involvement looks, well, bad.
While Israel and Saudi Arabia do not have any official diplomatic relations,
they have definitely supported each other’s political and intelligence agendas.

Huawei’s
Year of the Jackal

So far, Huawei is having a rough year. From
the arrest of chief financial officer Meng Wanzhou for alleged violation of
Iran sanctions, creating a U.S.-Canada-China diplomatic dispute, to the
mounting number of countries banning Huawei’s technologies and devices from
broadband and mobile provider infrastructures, things have gone from bad to
worse.

Right now, the U.S. is moving ahead with
extradition against Wanzhou, and Trump is considering an executive order to bar
the use of Huawei’s, and its compatriot ZTE’s, equipment. The Czech Republic
and Australia have already moved on a formal ban. More will certainly follow.

The Huawei play is high stakes for China,
and its global expansion was not by accident or luck. For over a decade, the
Chinese government heavily funded Huawei with billions, and even included them
in trade agreements. Their strategic spread was clearly a much-needed success
for China. A blessing and a curse, Huawei’s inextricable ties to the Chinese
government have been lucrative, but it has now become an enormous security risk
for other nations who have been at the pointy end of China’s espionage.

China’s aggressiveness in export and trade
is well-known, as it was part of its rise to economic power. Now, the stakes
are far above cheaper home electronics, and the government knows that
technology and military advancements are key to their success. Clearly, no
Chinese company is fully independent of the Chinese government, but Huawei’s
optic is not a good one. And to what extent Chinese companies can be compelled
to assist in intelligence gathering for their government is hard to quantify but
deeply feared.

Huawei’s founder, Ren Zhengfei, is a former
technologist for the People’s Liberation Army, and already there have been
numerous accusations of theft of intellectual property by Huawei. It’s taken
years, but the international intelligence community has finally begun to circle
the wagons, and Five-Eyes intelligence chiefs (U.S., Canada, UK, Australia and
New Zealand) have expressed deep concern over purchasing or using Huawei and
ZTE’s telecommunications products, as well as other Chinese companies.

So
Much to Lose

Huawei’s involvement in 5G systems – which will
fuel even more connectivity in the Internet of Things, such as smart cars,
smart homes and smart cities – holds substantial concern. With billions of
devices being connected and communicating with each other, the breadth of spying
risk increases exponentially and includes more valuable and sensitive targets.
Presumably, 5G is going to be subjected to increasing security and controls. This
alone may exclude Huawei, based on the limited prospects due to its links to
the Chinese government.

Huawei has repeatedly defended itself by
claiming it is a dedicated global leader in telecommunications equipment,
already embedded in many Western nation infrastructures, and has complied with
all applicable export controls, laws and other regulations. The concerns over
security, according to Huawei, are simply the high-handedness of the U.S. and
UK in response to China’s growth and trade success.

Not many are buying it, including
Republican Senator Ted Cruz. Cruz has called Huawei “a Communist Party spy
agency thinly veiled as a telecom company.” Let’s suppose for a moment
that Cruz is right. If a government were planning to overthrow other
superpowers, would they stand up several technology companies that supply
essential services (communications) and strategically position them to dominate
world markets? Absolutely.

Would they implement that infrastructure in
key sectors of rival countries and develop devices to run on it, providing even
wider control of those markets? Naturally. Would they create dependencies and
leverage by controlling or shielding vulnerabilities meant to be exploited,
further compromising users of their technologies? Very likely. Maybe they would quietly partner with other
companies, like NSO Group, to maximize surveillance technologies? Or maybe
they’d just copy their intellectual property for themselves.

Possibly this critical infrastructure with
high dependency for national security and economic stability becomes a
bargaining chip, like a missile waiting in a silo. Certainly, the above
scenarios spell a disastrous outcome for rival nations – and human rights and
democracy, if you’re into that kind of thing. Right now, they are just
scenarios, as little is known of the intent and motives behind some of Huawei’s
actions.

The malicious use of technology, as seen in the Khashoggi murder, may be quiet and covertly applied to criminal intentions, to move the needle and allow for a tactical advantage, confounding the rules of fair play. The devastating effect of the Pegasus spyware on national security, human rights, free speech, democracy and just processes can only be imagined. We can only expect this to become more common and frequent, while wringing our hands over what can do about it – if anything.

The malicious use of technology can also be
so obvious and in plain sight, lumbering along for years, that no one would
suspect it may be the mother of all Trojan horses. Suffice it to say, at the
least, free-markets and politics are funny bedfellows, and at the worst, they
can lay the foundation for the most spectacular rise of one nation over the
downfall of others, if they are not watching closely.

Valarie Findlay is an American Society for Evidenced-Based Policing member and a research fellow for the Police Foundation (USA) with two decades of senior-level expertise in cybersecurity and policing initiatives. She has worked extensively on federal cyber initiatives and is a member of the Canadian Association of Chiefs of Police eCrimes Cyber Council and AFCEA DC. She has a Masters in Sociology and a Masters in Terrorism Studies with her dissertation addressing the impacts of terrorism on law enforcement in Western Nations.

Advertisement

Advertisement

Opportunities Powered by OMX

About

Vanguard is Canada’s oldest trade journal of record that provides a forum for Canada’s security and defence community, discussing strategic perspectives and overviews of government and military policy and practice, through interviews with leading practitioners and contributions from renowned experts, including representatives from industry.